Month: September 2023

0 Comments
The Russian firm Operation Zero has announced a staggering $20m reward for hacking tools capable of compromising iPhones and Android devices.  The company unveiled this increased payout on X (formerly Twitter) on Tuesday, aiming to attract top-tier researchers and developer teams to collaborate with their platform. Under this program, Operation Zero is willing to pay
0 Comments
Sep 30, 2023THNRansomware / Cyber Threat The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit,
0 Comments
Video During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan 29 Sep 2023 This week, ESET researchers unveiled their findings about an attack by the North Korea-linked APT group Lazarus that took aim at an aerospace company in Spain. The group obtained initial access to the
0 Comments
The UK’s information commissioner has called for an immediate end to the use of excel spreadsheets to publish Freedom of Information (FOI) data. The data protection regulator issued an advisory notice yesterday to all public authorities in the wake of a hugely damaging leak at the Police Service of Northern Ireland (PSNI) last month. Among other
0 Comments
One US lawmaker has warned that the impending government shutdown will put critical cyber workers out of action, leaving Americans exposed to damaging cyber-attacks. Democratic Congresswoman Rep. Shontel Brown made the remarks during a Joint Subcommittee Hearing on Ransomware on September 27, 2023, which discussed how to combat rising ransomware attacks on US infrastructure. The
0 Comments
Sep 28, 2023The Hacker NewsBrowser Security / Cybersecurity The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today’s SaaS-centric world. The limitations of Browser Isolation, such
0 Comments
Secure Coding, Business Security Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security? 26 Sep 2023  •  , 5 min. read There are – and will always be – vulnerabilities in software. Just like there is no perfect security, there
0 Comments
Russian cyber-attacks against Ukraine skyrocketed in the first half of 2023, with 762 incidents observed by Ukraine’s State Service of Special Communications and Information Protection (SSSCIP). This represents a 123% surge compared with the second half of 2022. However, the SSSCIP also found that these attacks were significantly less successful than in the past, with
0 Comments
Fear, ignorance and forgetfulness are some of the reasons for widespread shortcomings in reporting cyber-attacks and breaches, both internally and externally, according to a new global survey conducted by Keeper Security. The study, Cybersecurity Disasters Survey Incident Reporting & Disclosure, was published on September 26, 2023. It found that, despite cyber-attacks being top of mind
0 Comments
Dear Naked Security readers, Firstly, thank you for your interest, your time, and your contributions to the Naked Security community. Your invaluable engagement and expertise have helped improve cybersecurity for everyone. We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security
0 Comments
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance.
0 Comments
A Nigerian extradited to the US had pleaded guilty to his part in a multimillion-dollar business email compromise (BEC) conspiracy. Kosi Goodness Simon-Ebo, 29, pleaded guilty late last week to conspiracy to commit wire fraud and conspiracy to commit money laundering. From February to July 2017, he conspired with several others, including some living in
0 Comments
Sep 25, 2023THNCyber Attack / Phishing Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. “Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service
0 Comments
Video Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups 22 Sep 2023 The lineup of speakers at this year’s edition of LABScon featured two ESET malware researchers who took to the stage to deconstruct sophisticated attacks conducted by two well-known APT groups.
0 Comments
The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners, has conducted a cybersecurity tabletop exercise this week in preparation for Super Bowl LVIII. The exercise aimed to assess and enhance cybersecurity response capabilities, plans and procedures for the upcoming event. The Super
0 Comments
Sep 23, 2023THNCyber Espionage / Malware Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. “Deadglyph’s architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly,” ESET
0 Comments
A US government contractor working as an IT administrator at the State department is facing a maximum penalty of death or life in prison after being arrested on serious espionage charges. Abraham Teklu Lemma, 50, of Silver Spring, Maryland, has been charged with delivering national defense information to aid a foreign government, conspiracy to deliver
0 Comments
Sep 22, 2023The Hacker NewsMITRE ATT&CK / Cybersecurity Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. This testing is critical for evaluating vendors because it’s virtually impossible to
0 Comments
The typical business in the US and UK loses over 4% of their online revenue every year due to malicious bot attacks, according to a new report from Netacea. The firm’s Death by a Billion Bots report was compiled from a survey of 440 businesses with an average online revenue of $1.9bn across the travel,
0 Comments
Sep 21, 2023The Hacker NewsSaaS Security / App Security Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a “hub” app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the
0 Comments
The International Criminal Court (ICC) yesterday confirmed the discovery of suspicious activity inside its IT network but revealed little else of a worrying security breach last week. The Netherlands-headquartered tribunal, which tries suspects of war crimes and crimes against humanity, posted a brief statement to X (formerly Twitter). “At the end of last week, the International
0 Comments
Sep 20, 2023The Hacker NewsWeb Application Security Well, you shouldn’t. It may already be hiding vulnerabilities. It’s the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep their customers happy,